#!/usr/bin/perl
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2013 IPFire Development Team #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see . #
# #
###############################################################################
use strict;
# enable only the following on debugging purpose
#use warnings;
#use CGI::Carp 'fatalsToBrowser';
require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
#workaround to suppress a warning when a variable is used only once
my @dummy = ( ${Header::colouryellow} );
undef (@dummy);
my %cgiparams=();
my %checked=();
my %selected=();
my $errormessage = '';
my $filename = "${General::swroot}/dnsforward/config";
my $changed = 'no';
my %color = ();
my %mainsettings = ();
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);
&Header::showhttpheaders();
$cgiparams{'ENABLED'} = 'off';
$cgiparams{'ACTION'} = '';
$cgiparams{'ZONE'} = '';
$cgiparams{'FORWARD_SERVERS'} = '';
$cgiparams{'REMARK'} ='';
$cgiparams{'DISABLE_DNSSEC'} = 'off';
&Header::getcgihash(\%cgiparams);
open(FILE, $filename) or die 'Unable to open config file.';
my @current = ;
close(FILE);
###
# Add / Edit entries.
#
if ($cgiparams{'ACTION'} eq $Lang::tr{'add'})
{
# Check if the entered domainname is valid.
unless (&General::validdomainname($cgiparams{'ZONE'})) {
$errormessage = $Lang::tr{'invalid domain name'};
}
my @forward_servers = split(/\,/, $cgiparams{'FORWARD_SERVERS'});
foreach my $forward_server (@forward_servers) {
# Check if the settings for the forward server are valid.
unless(&General::validip($forward_server) || &General::validfqdn($forward_server)) {
$errormessage = "$Lang::tr{'invalid ip or hostname'}: $forward_server";
last;
}
}
if ($cgiparams{'DISABLE_DNSSEC'} !~ /^(on|off)?$/) {
$errormessage = $Lang::tr{'invalid input'};
}
# Go further if there was no error.
if ( ! $errormessage)
{
# Save servers separated by |
$cgiparams{'FORWARD_SERVERS'} = join("|", @forward_servers);
# Check if a remark has been entered.
$cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
# Set to off if not enabled
if (!$cgiparams{'DISABLE_DNSSEC'}) {
$cgiparams{'DISABLE_DNSSEC'} = "off";
}
# Check if we want to edit an existing or add a new entry.
if($cgiparams{'EDITING'} eq 'no') {
open(FILE,">>$filename") or die 'Unable to open config file.';
flock FILE, 2;
print FILE "$cgiparams{'ENABLED'},$cgiparams{'ZONE'},$cgiparams{'FORWARD_SERVERS'},$cgiparams{'REMARK'},$cgiparams{'DISABLE_DNSSEC'}\n";
} else {
open(FILE, ">$filename") or die 'Unable to open config file.';
flock FILE, 2;
my $id = 0;
foreach my $line (@current)
{
$id++;
if ($cgiparams{'EDITING'} eq $id) {
print FILE "$cgiparams{'ENABLED'},$cgiparams{'ZONE'},$cgiparams{'FORWARD_SERVERS'},$cgiparams{'REMARK'},$cgiparams{'DISABLE_DNSSEC'}\n";
} else { print FILE "$line"; }
}
}
close(FILE);
undef %cgiparams;
$changed = 'yes';
} else {
# stay on edit mode if an error occur
if ($cgiparams{'EDITING'} ne 'no')
{
$cgiparams{'ACTION'} = $Lang::tr{'edit'};
$cgiparams{'ID'} = $cgiparams{'EDITING'};
}
}
# Restart unbound
&General::system('/usr/local/bin/unboundctrl', 'reload');
}
###
# Remove existing entries.
#
if ($cgiparams{'ACTION'} eq $Lang::tr{'remove'})
{
my $id = 0;
open(FILE, ">$filename") or die 'Unable to open config file.';
flock FILE, 2;
foreach my $line (@current)
{
$id++;
unless ($cgiparams{'ID'} eq $id) { print FILE "$line"; }
}
close(FILE);
# Restart unbound.
&General::system('/usr/local/bin/unboundctrl', 'reload');
}
###
# Toggle Enable/Disable for entries.
#
if ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'})
{
open(FILE, ">$filename") or die 'Unable to open config file.';
flock FILE, 2;
my $id = 0;
foreach my $line (@current)
{
$id++;
unless ($cgiparams{'ID'} eq $id) { print FILE "$line"; }
else
{
chomp($line);
my @temp = split(/\,/,$line);
$temp[0] = $cgiparams{'ENABLE'};
print FILE join(",", @temp) . "\n";
}
}
close(FILE);
# Restart unbound.
&General::system('/usr/local/bin/unboundctrl', 'reload');
}
###
# Read items for edit mode.
#
if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'})
{
my $id = 0;
foreach my $line (@current)
{
$id++;
if ($cgiparams{'ID'} eq $id)
{
chomp($line);
my @temp = split(/\,/,$line);
$cgiparams{'ENABLED'} = $temp[0];
$cgiparams{'ZONE'} = $temp[1];
$cgiparams{'FORWARD_SERVERS'} = join(",", split(/\|/, $temp[2]));
$cgiparams{'REMARK'} = $temp[3];
$cgiparams{'DISABLE_DNSSEC'} = ($temp[4] eq "on") ? "on" : "off";
}
}
}
$checked{'ENABLED'}{'off'} = '';
$checked{'ENABLED'}{'on'} = '';
$checked{'ENABLED'}{$cgiparams{'ENABLED'}} = "checked='checked'";
$checked{'DISABLE_DNSSEC'}{'off'} = '';
$checked{'DISABLE_DNSSEC'}{'on'} = '';
$checked{'DISABLE_DNSSEC'}{$cgiparams{'DISABLE_DNSSEC'}} = "checked='checked'";
&Header::openpage($Lang::tr{'dnsforward configuration'}, 1, '');
&Header::openbigbox('100%', 'left', '', $errormessage);
###
# Error messages layout.
#
if ($errormessage) {
&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
print "$errormessage\n";
print " \n";
&Header::closebox();
}
print "\n";
###
# Existing rules.
#
&Header::openbox('100%', 'left', $Lang::tr{'dnsforward entries'});
print <
$Lang::tr{'dnsforward zone'}
$Lang::tr{'dnsforward forward_servers'}
$Lang::tr{'remark'}
$Lang::tr{'action'}
END
;
# If something has happened re-read config
if($cgiparams{'ACTION'} ne '' or $changed ne 'no')
{
open(FILE, $filename) or die 'Unable to open config file.';
@current = ;
close(FILE);
}
###
# Re-read entries and highlight selected item for editing.
#
my $id = 0;
my $col="";
foreach my $line (@current)
{
$id++;
chomp($line);
my @temp = split(/\,/,$line);
my $toggle = '';
my $gif = '';
my $gdesc = '';
my $toggle = '';
my $notice = "";
# Format lists of servers
my $servers = join(", ", split(/\|/, $temp[2]));
my $disable_dnssec = $temp[4];
if($cgiparams{'ACTION'} eq $Lang::tr{'edit'} && $cgiparams{'ID'} eq $id) {
print "
END
;
}
print "\n";
###
# Print the legend at the bottom if there are any configured entries.
#
# Check if the file size is zero - no existing entries.
if ( ! -z "$filename") {
print <
$Lang::tr{'legend'}:
$Lang::tr{'click to disable'}
$Lang::tr{'click to enable'}
$Lang::tr{'edit'}
$Lang::tr{'remove'}
$Lang::tr{'dnsforward dnssec disabled'}
END
;
}
&Header::closebox();
&Header::closebigbox();
&Header::closepage();
